As you can see, during the first arithmetic operation, it multiplies ‘len’ with some constant values. If ‘len’ is large enough, it could result to an integer overflow and the subsequent call to os_malloc() would allocate incorrect number of bytes which will later result to heap memory corruption. The proposed patch is a simple check after the calculation.